distribution : artful (ubuntu 17.10)
package libssl-dev [1.0.2g]
the package libssl-dev claims to be 1.0.2g, but it seems to be older
header-version 1.0.0, as it lacks the constant
./crypto/x509/x509_vfy.h:# define X509_V_ERR_INVALID_CALL
65
It seems libssl binary package is also 1.0.0
ii libssl-dev:amd64 1.0.2g-1ubuntu13.3
amd64 Secure Sockets Layer toolkit -
development files
ii libssl-doc 1.0.2g-1ubuntu13.3
all Secure Sockets Layer toolkit -
development documentation
ii libssl1.0.0:amd64 1.0.2g-1ubuntu13.3
amd64 Secure Sockets Layer toolkit - shared
libraries
This could be a security issue, shipping a library 1.0.0 claiming to be
1.0.2g
--
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
